Re: ttyv for local only?

guy_at_device.dyndns.org
Date: 06/30/04

  • Next message: Andrew McNaughton: "Re: ttyv for local only?"
    Date: Wed, 30 Jun 2004 11:23:31 +0200 (CEST)
    To: freebsd-security@freebsd.org
    
    

    Your problem makes me curious...

    On 30-Jun-2004 Dave wrote:
    >
    > I didn't think syslogd was open to the world by default? Just in case, I
    > now blocked off port 514 for UDP. If it was, then I was just running it
    > open to the world for 2 years and finally noticed :) I guess it's not
    > commonly picked on.

    With default settings on a freshly updated 4.10-STABLE "ps ax" says my
    syslogd is running as "/usr/sbin/syslogd -s".
    "man syslogd" says:
         -s Operate in secure mode. Do not log messages from remote
                 machines. If specified twice, no network socket will be opened
                 at all, which also disables logging to remote machines.

    So unless someone changed the way syslogd is launched, this should not be a
    spurious message from a remote machine (but could be from local).

    You may consider using a tool such as security/aide after a fresh
    buildworld to make sure no unauthorised changes are made to your
    system. Assuming your buildchain tools have not been trojaned you can do it
    on the target system. If you have some suspicion, run the buildworld/kernel
    from a live cd or another machine.

    Sorry if all I said sounds obvious; there are times when possibly
    useless repeating seems worthwhile :]

    --
            Guy
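Added example, not part of the original message: a small shell function that reads a syslogd command line as reported by "ps ax" and classifies it according to the `-s` behaviour quoted from the man page above. The function name `syslogd_mode`, the output labels and the list of options assumed to take an argument (`ARG_OPTS`) are assumptions made for this illustration, and the sample command lines are constructed.

```shell
#!/bin/sh
# Classify a syslogd command line by counting -s, per the man page text quoted
# in the message: none = remote messages accepted, once = secure mode (remote
# messages not logged), twice or more = no network socket opened at all.
# Assumption: options in ARG_OPTS take an argument (attached or next word),
# so that argument is skipped instead of being read as flags.
ARG_OPTS="a b f l m P p"

syslogd_mode() {
    # $1: command line as shown by "ps ax", e.g. "/usr/sbin/syslogd -s"
    count=0
    skip=0
    set -f                          # no globbing while word-splitting $1
    for word in $1; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case $word in
            -?*) flags=${word#-} ;;
            *)   continue ;;
        esac
        # Walk the cluster one character at a time ("-ss", "-ds", ...).
        while [ -n "$flags" ]; do
            rest=${flags#?}
            c=${flags%"$rest"}
            flags=$rest
            case " $ARG_OPTS " in
                *" $c "*)
                    # Argument is the rest of this word, else the next word.
                    if [ -z "$flags" ]; then skip=1; fi
                    flags=""
                    ;;
                *)  if [ "$c" = s ]; then count=$((count + 1)); fi ;;
            esac
        done
    done
    set +f
    case $count in
        0) echo "remote-accepted" ;;
        1) echo "secure" ;;
        *) echo "no-socket" ;;
    esac
}

# Constructed sample command lines (not captured from a real host).
for cmd in "/usr/sbin/syslogd" "/usr/sbin/syslogd -s" "/usr/sbin/syslogd -ss"; do
    printf '%-24s %s\n' "$cmd" "$(syslogd_mode "$cmd")"
done
```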
    
